partial user administration

src/main/java/com/commafeed/backend/StartupBean.java

@@ -1,5 +1,7 @@
 package com.commafeed.backend;
 
+import java.util.Arrays;
+
 import javax.annotation.PostConstruct;
 import javax.ejb.Singleton;
 import javax.ejb.Startup;
@@ -16,7 +18,6 @@ import com.commafeed.backend.model.Feed;
 import com.commafeed.backend.model.FeedCategory;
 import com.commafeed.backend.model.FeedSubscription;
 import com.commafeed.backend.model.User;
-import com.commafeed.backend.model.UserRole;
 import com.commafeed.backend.security.PasswordEncryptionService;
 import com.commafeed.backend.security.Role;
 
@@ -47,24 +48,9 @@ public class StartupBean {
 		if (userService.getCount() == 0) {
 			log.info("Populating database with default values");
 
-			User user = new User();
-			byte[] salt = encryptionService.generateSalt();
-			user.setName("admin");
-			user.getRoles().add(new UserRole(user, Role.ADMIN));
-			user.getRoles().add(new UserRole(user, Role.USER));
-			user.setSalt(salt);
-			user.setPassword(encryptionService.getEncryptedPassword("admin",
-					salt));
-			userService.save(user);
-
-			User testUser = new User();
-			byte[] saltTest = encryptionService.generateSalt();
-			testUser.setName("test");
-			testUser.getRoles().add(new UserRole(testUser, Role.USER));
-			testUser.setSalt(saltTest);
-			testUser.setPassword(encryptionService.getEncryptedPassword("test",
-					saltTest));
-			userService.save(testUser);
+			User user = userService.register("admin", "admin",
+					Arrays.asList(Role.ADMIN, Role.USER));
+			userService.register("test", "test", Arrays.asList(Role.USER));
 
 			Feed dilbert = new Feed(
 					"http://feed.dilbert.com/dilbert/daily_strip");

src/main/java/com/commafeed/backend/dao/UserRoleService.java

@@ -1,5 +1,6 @@
 package com.commafeed.backend.dao;
 
+import java.util.List;
 import java.util.Set;
 
 import javax.ejb.Stateless;
@@ -13,6 +14,10 @@ import com.google.common.collect.Sets;
 @Stateless
 public class UserRoleService extends GenericDAO<UserRole, Long> {
 
+	public List<UserRole> findAll(User user) {
+		return findByField(MF.i(MF.p(UserRole.class).getUser()), user);
+	}
+
 	public Set<String> getRoles(User user) {
 		Set<String> list = Sets.newHashSet();
 		for (UserRole role : findByField(MF.i(proxy().getUser()), user)) {

src/main/java/com/commafeed/backend/dao/UserService.java

@@ -1,12 +1,15 @@
 package com.commafeed.backend.dao;
 
+import java.util.Collection;
 import java.util.List;
 
 import javax.ejb.Stateless;
 import javax.inject.Inject;
 
 import com.commafeed.backend.model.User;
+import com.commafeed.backend.model.UserRole;
 import com.commafeed.backend.security.PasswordEncryptionService;
+import com.commafeed.backend.security.Role;
 import com.commafeed.frontend.utils.ModelFactory.MF;
 import com.google.common.collect.Iterables;
 
@@ -30,4 +33,23 @@ public class UserService extends GenericDAO<User, Long> {
 
 		return null;
 	}
+
+	public User register(String name, String password, Collection<String> roles) {
+		List<User> users = findByField(MF.i(proxy().getName()), name);
+		if (!users.isEmpty()) {
+			return null;
+		}
+		User user = new User();
+		byte[] salt = encryptionService.generateSalt();
+		user.setName(name);
+		user.setSalt(salt);
+		user.setPassword(encryptionService.getEncryptedPassword(password, salt));
+		user.getRoles().add(new UserRole(user, Role.USER));
+		for (String role : roles) {
+			user.getRoles().add(new UserRole(user, role));
+			user.getRoles().add(new UserRole(user, role));
+		}
+		save(user);
+		return user;
+	}
 }

src/main/java/com/commafeed/frontend/model/UserModel.java

@@ -5,10 +5,20 @@ import java.io.Serializable;
 @SuppressWarnings("serial")
 public class UserModel implements Serializable {
 
+	private Long id;
 	private String name;
+	private String password;
 	private boolean enabled;
 	private boolean admin;
 
+	public Long getId() {
+		return id;
+	}
+
+	public void setId(Long id) {
+		this.id = id;
+	}
+
 	public String getName() {
 		return name;
 	}
@@ -33,4 +43,12 @@ public class UserModel implements Serializable {
 		this.enabled = enabled;
 	}
 
+	public String getPassword() {
+		return password;
+	}
+
+	public void setPassword(String password) {
+		this.password = password;
+	}
+
 }

src/main/java/com/commafeed/frontend/rest/resources/AbstractREST.java

@@ -33,6 +33,7 @@ import com.commafeed.backend.dao.UserService;
 import com.commafeed.backend.dao.UserSettingsService;
 import com.commafeed.backend.feeds.OPMLImporter;
 import com.commafeed.backend.model.User;
+import com.commafeed.backend.security.PasswordEncryptionService;
 import com.commafeed.backend.security.Role;
 import com.commafeed.frontend.CommaFeedApplication;
 import com.commafeed.frontend.CommaFeedSession;
@@ -76,6 +77,9 @@ public abstract class AbstractREST {
 	@Inject
 	OPMLImporter opmlImporter;
 
+	@Inject
+	PasswordEncryptionService encryptionService;
+
 	@PostConstruct
 	public void init() {
 		CommaFeedApplication app = CommaFeedApplication.get();

src/main/java/com/commafeed/frontend/rest/resources/AdminUsersREST.java

@@ -2,23 +2,95 @@ package com.commafeed.frontend.rest.resources;
 
 import java.util.Collection;
 import java.util.Map;
+import java.util.Set;
 
 import javax.ws.rs.GET;
+import javax.ws.rs.POST;
 import javax.ws.rs.Path;
+import javax.ws.rs.QueryParam;
+import javax.ws.rs.core.Response;
+import javax.ws.rs.core.Response.Status;
+
+import org.apache.commons.lang.StringUtils;
 
 import com.commafeed.backend.model.User;
 import com.commafeed.backend.model.UserRole;
 import com.commafeed.backend.security.Role;
 import com.commafeed.frontend.model.UserModel;
 import com.commafeed.frontend.rest.SecurityCheck;
+import com.google.common.base.Preconditions;
 import com.google.common.collect.Maps;
+import com.google.common.collect.Sets;
 
 @SecurityCheck(Role.ADMIN)
 @Path("admin/users")
 public class AdminUsersREST extends AbstractREST {
 
+	@Path("save")
+	@POST
+	public Response save(UserModel userModel) {
+		Preconditions.checkNotNull(userModel);
+		Preconditions.checkNotNull(userModel.getName());
+
+		Long id = userModel.getId();
+		if (id == null) {
+			Preconditions.checkNotNull(userModel.getPassword());
+
+			Set<String> roles = Sets.newHashSet(Role.USER);
+			if (userModel.isAdmin()) {
+				roles.add(Role.ADMIN);
+			}
+
+			User user = userService.register(userModel.getName(),
+					userModel.getPassword(), roles);
+			if (user == null) {
+				return Response.status(Status.CONFLICT)
+						.entity("User already exists.").build();
+			}
+		} else {
+			User user = userService.findById(id);
+			user.setName(userModel.getName());
+			if (StringUtils.isNotBlank(userModel.getPassword())) {
+				user.setPassword(encryptionService.getEncryptedPassword(
+						userModel.getPassword(), user.getSalt()));
+			}
+			user.setDisabled(!userModel.isEnabled());
+			userService.update(user);
+
+			Set<String> roles = userRoleService.getRoles(user);
+			if (userModel.isAdmin() && !roles.contains(Role.ADMIN)) {
+				userRoleService.save(new UserRole(user, Role.ADMIN));
+			} else if (!userModel.isAdmin() && roles.contains(Role.ADMIN)) {
+				for (UserRole userRole : userRoleService.findAll(user)) {
+					if (Role.ADMIN.equals(userRole.getRole())) {
+						userRoleService.delete(userRole);
+					}
+				}
+			}
+
+		}
+		return Response.ok(Status.OK).entity("OK").build();
+
+	}
+
 	@Path("get")
 	@GET
+	public UserModel getUser(@QueryParam("id") Long id) {
+		User user = userService.findById(id);
+		UserModel userModel = new UserModel();
+		userModel.setId(user.getId());
+		userModel.setName(user.getName());
+		userModel.setEnabled(!user.isDisabled());
+		for (UserRole role : userRoleService.findAll(user)) {
+			if (Role.ADMIN.equals(role.getRole())) {
+				userModel.setAdmin(true);
+			}
+		}
+		return userModel;
+	}
+
+	@Path("getAll")
+	@GET
 	public Collection<UserModel> getUsers() {
 		Map<Long, UserModel> users = Maps.newHashMap();
 		for (UserRole role : userRoleService.findAll()) {
@@ -27,6 +99,7 @@ public class AdminUsersREST extends AbstractREST {
 			UserModel userModel = users.get(key);
 			if (userModel == null) {
 				userModel = new UserModel();
+				userModel.setId(user.getId());
 				userModel.setName(user.getName());
 				userModel.setEnabled(!user.isDisabled());
 				users.put(key, userModel);

src/main/webapp/js/controllers.js

@@ -140,7 +140,8 @@ module.controller('FeedListCtrl', function($scope, $stateParams, $http, $route,
 		}, function(data) {
 			for ( var i = 0; i < data.entries.length; i++) {
 				$scope.entries.push(data.entries[i]);
-			};
+			}
+			;
 			$scope.name = data.name;
 			$scope.busy = false;
 			$scope.hasMore = data.entries.length == limit
@@ -249,9 +250,46 @@ module.controller('FeedListCtrl', function($scope, $stateParams, $http, $route,
 	});
 });
 
-module.controller('ManageUsersCtrl', function($scope, AdminUsersService) {
-	$scope.users = AdminUsersService.get();
-	$scope.gridOptions = {
-		data : 'users'
+module.controller('ManageUsersCtrl',
+		function($scope, $state, AdminUsersService) {
+			$scope.users = AdminUsersService.getAll();
+			$scope.selection = [];
+			$scope.gridOptions = {
+				data : 'users',
+				selectedItems : $scope.selection,
+				multiSelect : false,
+				afterSelectionChange : function(item) {
+					$state.transitionTo('admin.useredit', {
+						_id : item.entity.id
+					});
+				}
+			};
+
+			$scope.addUser = function() {
+				$state.transitionTo('admin.useradd');
+			};
+		});
+
+module.controller('ManageUserCtrl', function($scope, $state, $stateParams,
+		AdminUsersService) {
+	$scope.user = $stateParams._id ? AdminUsersService.get({
+		id : $stateParams._id
+	}) : {};
+	$scope.alerts = [];
+	$scope.closeAlert = function(index) {
+		$scope.alerts.splice(index, 1);
+	};
+
+	$scope.cancel = function(){
+		$state.transitionTo('admin.userlist');
+	}
+	$scope.save = function() {
+		AdminUsersService.save($scope.user, function() {
+			$state.transitionTo('admin.userlist');
+		}, function(data) {
+			$scope.alerts.push({
+				msg : data.data
+			});
+		});
 	};
 });

src/main/webapp/js/main.js

@@ -10,7 +10,8 @@ app.config(function($routeProvider, $stateProvider, $urlRouterProvider) {
 	});
 	$stateProvider.state('feeds.view', {
 		url : '/view/:_type/:_id',
-		templateUrl : 'templates/feeds.view.html'
+		templateUrl : 'templates/feeds.view.html',
+		controller : 'FeedListCtrl'
 	});
 
 	$stateProvider.state('admin', {
@@ -18,13 +19,24 @@ app.config(function($routeProvider, $stateProvider, $urlRouterProvider) {
 		url : '/admin',
 		templateUrl : 'templates/admin.html'
 	});
-	$stateProvider.state('admin.users', {
-		url : '/users',
-		templateUrl : 'templates/admin.users.html'
+	$stateProvider.state('admin.userlist', {
+		url : '/user/list',
+		templateUrl : 'templates/admin.userlist.html',
+		controller : 'ManageUsersCtrl'
+	});
+	$stateProvider.state('admin.useradd', {
+		url : '/user/add',
+		templateUrl : 'templates/admin.useradd.html',
+		controller : 'ManageUserCtrl'
+	});
+	$stateProvider.state('admin.useredit', {
+		url : '/user/edit/:_id',
+		templateUrl : 'templates/admin.useredit.html',
+		controller : 'ManageUserCtrl'
 	});
 
 	$urlRouterProvider.when('/', '/feeds/view/category/all');
-	$urlRouterProvider.when('/admin', '/admin/users');
+	$urlRouterProvider.when('/admin', '/admin/user/list');
 	$urlRouterProvider.otherwise('/');
 
 });

src/main/webapp/js/services.js

@@ -134,8 +134,20 @@ module.factory('AdminUsersService', function($resource) {
 			method : 'GET',
 			params : {
 				_method : 'get'
+			}
+		},
+		getAll : {
+			method : 'GET',
+			params : {
+				_method : 'getAll'
 			},
-			isArray: true
+			isArray : true
+		},
+		save : {
+			method : 'POST',
+			params : {
+				_method : 'save'
+			}
 		}
 	};
 	var res = $resource('rest/admin/users/:_method', {}, actions);

src/main/webapp/templates/admin.useradd.html

@@ -0,0 +1,45 @@
+<div class="row">
+	<div class="page-header">
+		<h1>Add user</h1>
+	</div>
+
+	<alert ng-repeat="alert in alerts" type="alert.type"
+		close="closeAlert($index)">{{alert.msg}}</alert>
+
+	<form name="userAddForm" class="form-horizontal" ng-submit="save()">
+		<div class="control-group"
+			ng-class="{error : !userAddForm.name.$valid}">
+			<label class="control-label" for="name">User name</label>
+			<div class="controls">
+				<input type="text" id="name" name="name" ng-model="user.name"
+					required />
+			</div>
+		</div>
+		<div class="control-group"
+			ng-class="{error : !userAddForm.password.$valid}">
+			<label class="control-label" for="password">Password</label>
+			<div class="controls">
+				<input type="password" id="password" name="password"
+					ng-model="user.password" required />
+			</div>
+		</div>
+		<div class="control-group">
+			<label class="control-label" for="admin">Admin</label>
+			<div class="controls">
+				<input type="checkbox" name="admin" ng-model="user.admin" />
+			</div>
+		</div>
+		<div class="control-group">
+			<label class="control-label" for="enabled">Enabled</label>
+			<div class="controls">
+				<input type="checkbox" name="enabled" ng-model="user.enabled" />
+			</div>
+		</div>
+		<div class="control-group">
+			<div class="controls">
+				<button type="button" class="btn" ng-click="cancel()">Cancel</button>
+				<button type="submit" class="btn btn-primary">Save</button>
+			</div>
+		</div>
+	</form>
+</div>

src/main/webapp/templates/admin.useredit.html

@@ -0,0 +1,46 @@
+<div class="row">
+	<div class="page-header">
+		<h1>Edit user</h1>
+	</div>
+
+	<alert ng-repeat="alert in alerts" type="alert.type"
+		close="closeAlert($index)">{{alert.msg}}</alert>
+
+	<form name="userAddForm" class="form-horizontal" ng-submit="save()">
+		<div class="control-group"
+			ng-class="{error : !userAddForm.name.$valid}">
+			<label class="control-label" for="name">User name</label>
+			<div class="controls">
+				<input type="text" id="name" name="name" ng-model="user.name"
+					required />
+			</div>
+		</div>
+		<div class="control-group"
+			ng-class="{error : !userAddForm.password.$valid}">
+			<label class="control-label" for="password">Password</label>
+			<div class="controls">
+				<input type="password" id="password" name="password"
+					ng-model="user.password" />
+					<span class="help-block">Leave blank if you don't want to change the password.</span>
+			</div>
+		</div>
+		<div class="control-group">
+			<label class="control-label" for="admin">Admin</label>
+			<div class="controls">
+				<input type="checkbox" name="admin" ng-model="user.admin" />
+			</div>
+		</div>
+		<div class="control-group">
+			<label class="control-label" for="enabled">Enabled</label>
+			<div class="controls">
+				<input type="checkbox" name="enabled" ng-model="user.enabled" />
+			</div>
+		</div>
+		<div class="control-group">
+			<div class="controls">
+				<button type="button" class="btn" ng-click="cancel()">Cancel</button>
+				<button type="submit" class="btn btn-primary">Save</button>
+			</div>
+		</div>
+	</form>
+</div>

src/main/webapp/templates/admin.userlist.html

@@ -3,7 +3,10 @@
 		<h1>Manage users</h1>
 	</div>
 
-	<div ng-controller="ManageUsersCtrl">
+	<div>
+		<div class="button-bar">
+			<button class="btn" ng-click="addUser()">Add user</button>
+		</div>
 		<div class="users-table" ng-grid="gridOptions"></div>
 	</div>
 </div>

src/main/webapp/templates/feeds.view.html

@@ -1,4 +1,4 @@
-<div ng-controller="FeedListCtrl">
+<div>
 
 	<div class="entrylist-header" ui-if="name">
 		<h3><span>{{name}}&nbsp;</span><span ng-show="name && selectedType == 'category'"> &#187;</span></h3>